From: Greg Kroah-Hartman Date: Sat, 7 Oct 2023 09:56:44 +0000 (+0200) Subject: 6.5-stable patches X-Git-Tag: v4.14.327~79 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=776b65bc0509e0432b18e35ade96d530f56e20ef;p=thirdparty%2Fkernel%2Fstable-queue.git 6.5-stable patches added patches: net-add-sysctl-accept_ra_min_rtr_lft.patch net-change-accept_ra_min_rtr_lft-to-affect-all-ra-lifetimes.patch net-release-reference-to-inet6_dev-pointer.patch --- diff --git a/queue-6.5/net-add-sysctl-accept_ra_min_rtr_lft.patch b/queue-6.5/net-add-sysctl-accept_ra_min_rtr_lft.patch new file mode 100644 index 00000000000..1eadc86fc61 --- /dev/null +++ b/queue-6.5/net-add-sysctl-accept_ra_min_rtr_lft.patch @@ -0,0 +1,159 @@ +From 1671bcfd76fdc0b9e65153cf759153083755fe4c Mon Sep 17 00:00:00 2001 +From: Patrick Rohr +Date: Wed, 19 Jul 2023 07:52:13 -0700 +Subject: net: add sysctl accept_ra_min_rtr_lft +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Patrick Rohr + +commit 1671bcfd76fdc0b9e65153cf759153083755fe4c upstream. + +This change adds a new sysctl accept_ra_min_rtr_lft to specify the +minimum acceptable router lifetime in an RA. If the received RA router +lifetime is less than the configured value (and not 0), the RA is +ignored. +This is useful for mobile devices, whose battery life can be impacted +by networks that configure RAs with a short lifetime. On such networks, +the device should never gain IPv6 provisioning and should attempt to +drop RAs via hardware offload, if available. + +Signed-off-by: Patrick Rohr +Cc: Maciej Żenczykowski +Cc: Lorenzo Colitti +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/networking/ip-sysctl.rst | 8 ++++++++ + include/linux/ipv6.h | 1 + + include/uapi/linux/ipv6.h | 1 + + net/ipv6/addrconf.c | 10 ++++++++++ + net/ipv6/ndisc.c | 18 ++++++++++++++++-- + 5 files changed, 36 insertions(+), 2 deletions(-) + +--- a/Documentation/networking/ip-sysctl.rst ++++ b/Documentation/networking/ip-sysctl.rst +@@ -2287,6 +2287,14 @@ accept_ra_min_hop_limit - INTEGER + + Default: 1 + ++accept_ra_min_rtr_lft - INTEGER ++ Minimum acceptable router lifetime in Router Advertisement. ++ ++ RAs with a router lifetime less than this value shall be ++ ignored. RAs with a router lifetime of 0 are unaffected. ++ ++ Default: 0 ++ + accept_ra_pinfo - BOOLEAN + Learn Prefix Information in Router Advertisement. + +--- a/include/linux/ipv6.h ++++ b/include/linux/ipv6.h +@@ -33,6 +33,7 @@ struct ipv6_devconf { + __s32 accept_ra_defrtr; + __u32 ra_defrtr_metric; + __s32 accept_ra_min_hop_limit; ++ __s32 accept_ra_min_rtr_lft; + __s32 accept_ra_pinfo; + __s32 ignore_routes_with_linkdown; + #ifdef CONFIG_IPV6_ROUTER_PREF +--- a/include/uapi/linux/ipv6.h ++++ b/include/uapi/linux/ipv6.h +@@ -198,6 +198,7 @@ enum { + DEVCONF_IOAM6_ID_WIDE, + DEVCONF_NDISC_EVICT_NOCARRIER, + DEVCONF_ACCEPT_UNTRACKED_NA, ++ DEVCONF_ACCEPT_RA_MIN_RTR_LFT, + DEVCONF_MAX + }; + +--- a/net/ipv6/addrconf.c ++++ b/net/ipv6/addrconf.c +@@ -202,6 +202,7 @@ static struct ipv6_devconf ipv6_devconf + .ra_defrtr_metric = IP6_RT_PRIO_USER, + .accept_ra_from_local = 0, + .accept_ra_min_hop_limit= 1, ++ .accept_ra_min_rtr_lft = 0, + .accept_ra_pinfo = 1, + #ifdef CONFIG_IPV6_ROUTER_PREF + .accept_ra_rtr_pref = 1, +@@ -262,6 +263,7 @@ static struct ipv6_devconf ipv6_devconf_ + .ra_defrtr_metric = IP6_RT_PRIO_USER, + .accept_ra_from_local = 0, + .accept_ra_min_hop_limit= 1, ++ .accept_ra_min_rtr_lft = 0, + .accept_ra_pinfo = 1, + #ifdef CONFIG_IPV6_ROUTER_PREF + .accept_ra_rtr_pref = 1, +@@ -5602,6 +5604,7 @@ static inline void ipv6_store_devconf(st + array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide; + array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier; + array[DEVCONF_ACCEPT_UNTRACKED_NA] = cnf->accept_untracked_na; ++ array[DEVCONF_ACCEPT_RA_MIN_RTR_LFT] = cnf->accept_ra_min_rtr_lft; + } + + static inline size_t inet6_ifla6_size(void) +@@ -6794,6 +6797,13 @@ static const struct ctl_table addrconf_s + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, ++ }, ++ { ++ .procname = "accept_ra_min_rtr_lft", ++ .data = &ipv6_devconf.accept_ra_min_rtr_lft, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec, + }, + { + .procname = "accept_ra_pinfo", +--- a/net/ipv6/ndisc.c ++++ b/net/ipv6/ndisc.c +@@ -1281,6 +1281,8 @@ static enum skb_drop_reason ndisc_router + if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) + return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS; + ++ lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); ++ + if (!ipv6_accept_ra(in6_dev)) { + ND_PRINTK(2, info, + "RA: %s, did not accept ra for dev: %s\n", +@@ -1288,6 +1290,13 @@ static enum skb_drop_reason ndisc_router + goto skip_linkparms; + } + ++ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) { ++ ND_PRINTK(2, info, ++ "RA: router lifetime (%ds) is too short: %s\n", ++ lifetime, skb->dev->name); ++ goto skip_linkparms; ++ } ++ + #ifdef CONFIG_IPV6_NDISC_NODETYPE + /* skip link-specific parameters from interior routers */ + if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { +@@ -1340,8 +1349,6 @@ static enum skb_drop_reason ndisc_router + goto skip_defrtr; + } + +- lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); +- + #ifdef CONFIG_IPV6_ROUTER_PREF + pref = ra_msg->icmph.icmp6_router_pref; + /* 10b is handled as if it were 00b (medium) */ +@@ -1493,6 +1500,13 @@ skip_linkparms: + goto out; + } + ++ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) { ++ ND_PRINTK(2, info, ++ "RA: router lifetime (%ds) is too short: %s\n", ++ lifetime, skb->dev->name); ++ goto out; ++ } ++ + #ifdef CONFIG_IPV6_ROUTE_INFO + if (!in6_dev->cnf.accept_ra_from_local && + ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, diff --git a/queue-6.5/net-change-accept_ra_min_rtr_lft-to-affect-all-ra-lifetimes.patch b/queue-6.5/net-change-accept_ra_min_rtr_lft-to-affect-all-ra-lifetimes.patch new file mode 100644 index 00000000000..4345ea14d92 --- /dev/null +++ b/queue-6.5/net-change-accept_ra_min_rtr_lft-to-affect-all-ra-lifetimes.patch @@ -0,0 +1,209 @@ +From 5027d54a9c30bc7ec808360378e2b4753f053f25 Mon Sep 17 00:00:00 2001 +From: Patrick Rohr +Date: Wed, 26 Jul 2023 16:07:01 -0700 +Subject: net: change accept_ra_min_rtr_lft to affect all RA lifetimes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Patrick Rohr + +commit 5027d54a9c30bc7ec808360378e2b4753f053f25 upstream. + +accept_ra_min_rtr_lft only considered the lifetime of the default route +and discarded entire RAs accordingly. + +This change renames accept_ra_min_rtr_lft to accept_ra_min_lft, and +applies the value to individual RA sections; in particular, router +lifetime, PIO preferred lifetime, and RIO lifetime. If any of those +lifetimes are lower than the configured value, the specific RA section +is ignored. + +In order for the sysctl to be useful to Android, it should really apply +to all lifetimes in the RA, since that is what determines the minimum +frequency at which RAs must be processed by the kernel. Android uses +hardware offloads to drop RAs for a fraction of the minimum of all +lifetimes present in the RA (some networks have very frequent RAs (5s) +with high lifetimes (2h)). Despite this, we have encountered networks +that set the router lifetime to 30s which results in very frequent CPU +wakeups. Instead of disabling IPv6 (and dropping IPv6 ethertype in the +WiFi firmware) entirely on such networks, it seems better to ignore the +misconfigured routers while still processing RAs from other IPv6 routers +on the same network (i.e. to support IoT applications). + +The previous implementation dropped the entire RA based on router +lifetime. This turned out to be hard to expand to the other lifetimes +present in the RA in a consistent manner; dropping the entire RA based +on RIO/PIO lifetimes would essentially require parsing the whole thing +twice. + +Fixes: 1671bcfd76fd ("net: add sysctl accept_ra_min_rtr_lft") +Cc: Lorenzo Colitti +Signed-off-by: Patrick Rohr +Reviewed-by: Maciej Żenczykowski +Reviewed-by: David Ahern +Link: https://lore.kernel.org/r/20230726230701.919212-1-prohr@google.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/networking/ip-sysctl.rst | 8 ++++---- + include/linux/ipv6.h | 2 +- + include/uapi/linux/ipv6.h | 2 +- + net/ipv6/addrconf.c | 13 ++++++++----- + net/ipv6/ndisc.c | 27 +++++++++++---------------- + 5 files changed, 25 insertions(+), 27 deletions(-) + +--- a/Documentation/networking/ip-sysctl.rst ++++ b/Documentation/networking/ip-sysctl.rst +@@ -2287,11 +2287,11 @@ accept_ra_min_hop_limit - INTEGER + + Default: 1 + +-accept_ra_min_rtr_lft - INTEGER +- Minimum acceptable router lifetime in Router Advertisement. ++accept_ra_min_lft - INTEGER ++ Minimum acceptable lifetime value in Router Advertisement. + +- RAs with a router lifetime less than this value shall be +- ignored. RAs with a router lifetime of 0 are unaffected. ++ RA sections with a lifetime less than this value shall be ++ ignored. Zero lifetimes stay unaffected. + + Default: 0 + +--- a/include/linux/ipv6.h ++++ b/include/linux/ipv6.h +@@ -33,7 +33,7 @@ struct ipv6_devconf { + __s32 accept_ra_defrtr; + __u32 ra_defrtr_metric; + __s32 accept_ra_min_hop_limit; +- __s32 accept_ra_min_rtr_lft; ++ __s32 accept_ra_min_lft; + __s32 accept_ra_pinfo; + __s32 ignore_routes_with_linkdown; + #ifdef CONFIG_IPV6_ROUTER_PREF +--- a/include/uapi/linux/ipv6.h ++++ b/include/uapi/linux/ipv6.h +@@ -198,7 +198,7 @@ enum { + DEVCONF_IOAM6_ID_WIDE, + DEVCONF_NDISC_EVICT_NOCARRIER, + DEVCONF_ACCEPT_UNTRACKED_NA, +- DEVCONF_ACCEPT_RA_MIN_RTR_LFT, ++ DEVCONF_ACCEPT_RA_MIN_LFT, + DEVCONF_MAX + }; + +--- a/net/ipv6/addrconf.c ++++ b/net/ipv6/addrconf.c +@@ -202,7 +202,7 @@ static struct ipv6_devconf ipv6_devconf + .ra_defrtr_metric = IP6_RT_PRIO_USER, + .accept_ra_from_local = 0, + .accept_ra_min_hop_limit= 1, +- .accept_ra_min_rtr_lft = 0, ++ .accept_ra_min_lft = 0, + .accept_ra_pinfo = 1, + #ifdef CONFIG_IPV6_ROUTER_PREF + .accept_ra_rtr_pref = 1, +@@ -263,7 +263,7 @@ static struct ipv6_devconf ipv6_devconf_ + .ra_defrtr_metric = IP6_RT_PRIO_USER, + .accept_ra_from_local = 0, + .accept_ra_min_hop_limit= 1, +- .accept_ra_min_rtr_lft = 0, ++ .accept_ra_min_lft = 0, + .accept_ra_pinfo = 1, + #ifdef CONFIG_IPV6_ROUTER_PREF + .accept_ra_rtr_pref = 1, +@@ -2733,6 +2733,9 @@ void addrconf_prefix_rcv(struct net_devi + return; + } + ++ if (valid_lft != 0 && valid_lft < in6_dev->cnf.accept_ra_min_lft) ++ return; ++ + /* + * Two things going on here: + * 1) Add routes for on-link prefixes +@@ -5604,7 +5607,7 @@ static inline void ipv6_store_devconf(st + array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide; + array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier; + array[DEVCONF_ACCEPT_UNTRACKED_NA] = cnf->accept_untracked_na; +- array[DEVCONF_ACCEPT_RA_MIN_RTR_LFT] = cnf->accept_ra_min_rtr_lft; ++ array[DEVCONF_ACCEPT_RA_MIN_LFT] = cnf->accept_ra_min_lft; + } + + static inline size_t inet6_ifla6_size(void) +@@ -6799,8 +6802,8 @@ static const struct ctl_table addrconf_s + .proc_handler = proc_dointvec, + }, + { +- .procname = "accept_ra_min_rtr_lft", +- .data = &ipv6_devconf.accept_ra_min_rtr_lft, ++ .procname = "accept_ra_min_lft", ++ .data = &ipv6_devconf.accept_ra_min_lft, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, +--- a/net/ipv6/ndisc.c ++++ b/net/ipv6/ndisc.c +@@ -1281,8 +1281,6 @@ static enum skb_drop_reason ndisc_router + if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) + return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS; + +- lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); +- + if (!ipv6_accept_ra(in6_dev)) { + ND_PRINTK(2, info, + "RA: %s, did not accept ra for dev: %s\n", +@@ -1290,13 +1288,6 @@ static enum skb_drop_reason ndisc_router + goto skip_linkparms; + } + +- if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) { +- ND_PRINTK(2, info, +- "RA: router lifetime (%ds) is too short: %s\n", +- lifetime, skb->dev->name); +- goto skip_linkparms; +- } +- + #ifdef CONFIG_IPV6_NDISC_NODETYPE + /* skip link-specific parameters from interior routers */ + if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { +@@ -1337,6 +1328,14 @@ static enum skb_drop_reason ndisc_router + goto skip_defrtr; + } + ++ lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); ++ if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_lft) { ++ ND_PRINTK(2, info, ++ "RA: router lifetime (%ds) is too short: %s\n", ++ lifetime, skb->dev->name); ++ goto skip_defrtr; ++ } ++ + /* Do not accept RA with source-addr found on local machine unless + * accept_ra_from_local is set to true. + */ +@@ -1500,13 +1499,6 @@ skip_linkparms: + goto out; + } + +- if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_rtr_lft) { +- ND_PRINTK(2, info, +- "RA: router lifetime (%ds) is too short: %s\n", +- lifetime, skb->dev->name); +- goto out; +- } +- + #ifdef CONFIG_IPV6_ROUTE_INFO + if (!in6_dev->cnf.accept_ra_from_local && + ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, +@@ -1531,6 +1523,9 @@ skip_linkparms: + if (ri->prefix_len == 0 && + !in6_dev->cnf.accept_ra_defrtr) + continue; ++ if (ri->lifetime != 0 && ++ ntohl(ri->lifetime) < in6_dev->cnf.accept_ra_min_lft) ++ continue; + if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen) + continue; + if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) diff --git a/queue-6.5/net-release-reference-to-inet6_dev-pointer.patch b/queue-6.5/net-release-reference-to-inet6_dev-pointer.patch new file mode 100644 index 00000000000..e511060f5d5 --- /dev/null +++ b/queue-6.5/net-release-reference-to-inet6_dev-pointer.patch @@ -0,0 +1,41 @@ +From 5cb249686e67dbef3ffe53887fa725eefc5a7144 Mon Sep 17 00:00:00 2001 +From: Patrick Rohr +Date: Fri, 18 Aug 2023 11:22:49 -0700 +Subject: net: release reference to inet6_dev pointer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Patrick Rohr + +commit 5cb249686e67dbef3ffe53887fa725eefc5a7144 upstream. + +addrconf_prefix_rcv returned early without releasing the inet6_dev +pointer when the PIO lifetime is less than accept_ra_min_lft. + +Fixes: 5027d54a9c30 ("net: change accept_ra_min_rtr_lft to affect all RA lifetimes") +Cc: Maciej Żenczykowski +Cc: Lorenzo Colitti +Cc: David Ahern +Cc: Simon Horman +Reviewed-by: Simon Horman +Reviewed-by: Maciej Żenczykowski +Signed-off-by: Patrick Rohr +Reviewed-by: Leon Romanovsky +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/addrconf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv6/addrconf.c ++++ b/net/ipv6/addrconf.c +@@ -2734,7 +2734,7 @@ void addrconf_prefix_rcv(struct net_devi + } + + if (valid_lft != 0 && valid_lft < in6_dev->cnf.accept_ra_min_lft) +- return; ++ goto put; + + /* + * Two things going on here: diff --git a/queue-6.5/series b/queue-6.5/series index 28fe3719714..b28b54f7a5b 100644 --- a/queue-6.5/series +++ b/queue-6.5/series @@ -17,4 +17,7 @@ btrfs-remove-end_extent_writepage.patch btrfs-don-t-clear-uptodate-on-write-errors.patch arm64-add-hwcap-for-feat_hbc-hinted-conditional-bran.patch arm64-cpufeature-fix-clrbhb-and-bc-detection.patch +net-add-sysctl-accept_ra_min_rtr_lft.patch +net-change-accept_ra_min_rtr_lft-to-affect-all-ra-lifetimes.patch +net-release-reference-to-inet6_dev-pointer.patch iommu-arm-smmu-v3-avoid-constructing-invalid-range-c.patch